Like an NT hash (AKA NTLM hash) and a Kerberos ticket, a Primary Refresh Token (PRT) can be passed in an attack. Mimikatz author Benjamin Delpy and Dirk-jan Mollema have both released detailed research and code showing how attackers could Pass-the-PRT to perform the lateral movement to the cloud.
Here we take a brief look at what a PRT is and how cyber-criminals could exploit it to launch attacks.
Feeling up-to-date? Take the challenge and complete the fifth edition of the CQURE quiz!
Check if your cyber-skills are still on point by taking the new and fresh CQURE quiz created by Paula J. and the team of experts at CQURE. We’ve set nearly 30 multiple-choice questions for the class of 2020 to sort the cyber-savvy from the geeky newbies.